I Got Blocked by Outlier Twice. The Second Time I Had Built My Own Browser.
2026-5-15 05:34:11 Author: infosecwriteups.com

Oderinde Toluwanimi

Last year I was doing a security assessment on a target in East Africa. I was in Lagos. The system I needed to test was region-locked, so I spent two hours trying to configure a proxy to look like I was browsing from Nairobi. SOCKS5, HTTP tunnels, Burp upstream proxy settings — nothing worked cleanly. I eventually outsourced it to a senior colleague and didn’t even ask how he solved it because I was too frustrated.

A few months later I tried to register on Outlier. Same problem, different direction — Outlier blocks Nigerian IPs. I closed the tab.

That second block is what started Shroud.

The idea

I wanted one tool that could answer a single question: what if changing your apparent location was as simple as clicking a country on a map?

No proxy config. No hunting for SOCKS5 servers. No terminal commands. Pick a country, connect, browse. The underlying machinery should be invisible.

The core insight was that most privacy tools are built for power users. Tor Browser is excellent but gives you no control over exit geography. VPNs are simple but expensive and untrustworthy. Proxy managers are flexible but require setup that breaks under pressure.

Shroud sits in the middle: real anonymity infrastructure (Tor + residential proxies), wrapped in something a non-technical person can use in 30 seconds.

Architecture

Shroud is an Electron app. The renderer is React. The routing engine lives in the main process and manages two routing tiers:

Tier 1 — Dedicated residential proxies via Webshare’s API. When you pick Germany, Shroud routes through a real residential IP in Germany. These proxies aren’t listed on blocklists because they belong to real ISPs, not datacenters. This is the green layer on the map.

Tier 2 — Tor exit nodes for everything else. The app bundles a Tor binary, spawns it on startup, and uses GeoIP files to enforce country-specific exit nodes via ExitNodes {DE} StrictNodes 1 in the torrc. This covers 50+ countries. This is the amber layer.

The world map itself is pure D3-geo rendering topojson. No map library — just SVG paths projected with geoMercator. Countries are colored at render time based on which routing tier covers them. Click a country in the list on the right, the map highlights it, the panel shows routing details, you connect.

```javascript
// torrc built at runtime per country selection
// countryCode and geoipFile are supplied by the country the user picked
const torrc = `
SocksPort 9050
ControlPort 9051
GeoIPFile ${geoipFile}
ExitNodes {${countryCode}}
StrictNodes 1
`.trim();
```

When you switch countries, Shroud kills the Tor process, rewrites the torrc with the new exit node config, and respawns. It polls port 9050 until Tor bootstraps, then sets the proxy on both the main Electron session and the BrowserView session before allowing navigation.
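
An added example (not Shroud's code) of two checks around this restart cycle: validating the values interpolated into the torrc, and reading readiness from Tor's own "Bootstrapped N%" notices, which is a stricter signal than an open SOCKS port. The function names, the loopback binding and the `CookieAuthentication 1` line are assumptions added here; the torrc shown above opens `ControlPort` without an authentication directive.

```javascript
// Added example, not Shroud's code. Function names are hypothetical.
const COUNTRY_RE = /^[a-z]{2}$/i;   // two-letter code, as used in ExitNodes {cc}

function buildTorrc(countryCode, geoipFile) {
  if (!COUNTRY_RE.test(countryCode)) {
    throw new Error('country code must be exactly two letters');
  }
  // A newline inside an interpolated value would begin a new torrc directive.
  if (/[\r\n]/.test(geoipFile)) {
    throw new Error('GeoIP path must be a single line');
  }
  return [
    'SocksPort 127.0.0.1:9050',
    'ControlPort 127.0.0.1:9051',
    'CookieAuthentication 1',      // added hardening: control port needs the auth cookie
    `GeoIPFile ${geoipFile}`,
    `ExitNodes {${countryCode.toUpperCase()}}`,
    'StrictNodes 1',
  ].join('\n');
}

// Highest "Bootstrapped N%" value in Tor's notice log; 100 means Tor reports it is done.
function bootstrapProgress(logText) {
  let best = 0;
  for (const m of logText.matchAll(/\[notice\] Bootstrapped (\d{1,3})%/g)) {
    best = Math.max(best, Number(m[1]));
  }
  return best;
}

// Constructed log excerpt in Tor's notice format (not captured from a real run).
const SAMPLE_LOG = [
  'May 15 05:34:11.000 [notice] Bootstrapped 10% (conn_done): Connected to a relay',
  'May 15 05:34:12.000 [notice] Bootstrapped 75% (enough_dirinfo): Loaded enough directory info to build circuits',
  'May 15 05:34:14.000 [notice] Bootstrapped 100% (done): Done',
].join('\n');
```

With `StrictNodes 1`, a country that has no usable exits fails closed: bootstrap can finish while circuits to the chosen country still cannot be built, so a per-request check of the apparent exit IP is still worth keeping.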

The leak problem

Getting the IP right is the easy part. The hard part is making sure nothing else leaks.

WebRTC is the main culprit. It bypasses proxies by design and exposes your real IP through STUN/TURN negotiation. Shroud kills it at the preload level, before any page JavaScript runs:

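```javascript
// browserPreload.js — injected before page load
// Note: with Electron's contextIsolation enabled, a preload script's `window`
// is not the page's own; these overrides must run in the page's main world.
const noop = () => {
  throw new DOMException('WebRTC disabled', 'NotSupportedError');
};
['RTCPeerConnection', 'webkitRTCPeerConnection', 'mozRTCPeerConnection',
 'RTCDataChannel', 'RTCIceCandidate', 'RTCSessionDescription'].forEach(prop => {
  // Replace each WebRTC global with a stub that throws, and lock the property
  Object.defineProperty(window, prop, {
    value: noop,
    writable: false,
    configurable: false,
  });
});
```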

configurable: false is the key. Without it, page scripts can restore the original constructor and leak your IP anyway.
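
An added example (not from the original post) that checks this claim with plain property descriptors. A constructed object stands in for the page's global so it runs in Node; `lockedWindow`, `ATTEMPTS` and `auditLock` are hypothetical names.

```javascript
// Added example: a plain object stands in for the page's global object.
const original = function RTCPeerConnection() {};
const blocked = () => { throw new Error('WebRTC disabled'); };

// Applies the same lock as the preload script, with `configurable` as a parameter.
function lockedWindow(configurable) {
  const win = { RTCPeerConnection: original };
  Object.defineProperty(win, 'RTCPeerConnection', {
    value: blocked,
    writable: false,
    configurable,
  });
  return win;
}

// The three ways later code can try to put the original value back.
const ATTEMPTS = {
  assign:   (w) => { w.RTCPeerConnection = original; },
  delete:   (w) => { delete w.RTCPeerConnection; w.RTCPeerConnection = original; },
  redefine: (w) => Object.defineProperty(w, 'RTCPeerConnection', { value: original }),
};

// Returns the names of the attempts that undo the lock.
function auditLock(configurable) {
  const undone = [];
  for (const [name, attempt] of Object.entries(ATTEMPTS)) {
    const win = lockedWindow(configurable);      // fresh object per attempt
    try { attempt(win); } catch (_) { /* TypeError when the engine refuses */ }
    if (win.RTCPeerConnection === original) undone.push(name);
  }
  return undone;
}
```

`writable: false` alone stops plain assignment, but a configurable property can still be deleted or redefined; only `configurable: false` closes both. Electron also exposes `webContents.setWebRTCIPHandlingPolicy('disable_non_proxied_udp')`, a browser-level control that does not depend on which globals page scripts can reach.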

Timezone and locale are the next vectors. A US IP with an Africa/Lagos timezone is a dead giveaway. Shroud overrides Intl.DateTimeFormat to match the target country's timezone, and injects the correct Accept-Language header on every request.

Canvas fingerprinting gets noise injection — a single XOR bit flip per 100 pixels. Invisible to the eye, but it changes the canvas hash enough to break cross-session fingerprint tracking.
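
An added example (not Shroud's code) of this kind of noise on a raw RGBA buffer. It assumes the noise is driven by a per-session seed, so the hash is stable within a session and differs between sessions; the post does not say how Shroud chooses which bits to flip, and all names here are hypothetical.

```javascript
// Added example, not Shroud's code. All names are hypothetical.
const PIXEL_STRIDE = 100;   // one flipped bit per 100 pixels, as described above

// mulberry32: small deterministic PRNG, so one session seed always gives the same noise.
function mulberry32(seed) {
  let a = seed >>> 0;
  return () => {
    a = (a + 0x6D2B79F5) >>> 0;
    let t = a;
    t = Math.imul(t ^ (t >>> 15), t | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

// Returns a noised copy of an RGBA buffer; the input is left untouched.
function addNoise(rgba, sessionSeed) {
  const out = Uint8ClampedArray.from(rgba);
  const rand = mulberry32(sessionSeed);
  for (let p = 0; p < out.length / 4; p += PIXEL_STRIDE) {
    const channel = Math.floor(rand() * 3);   // R, G or B; alpha is never changed
    out[p * 4 + channel] ^= 1;                // XOR the least-significant bit
  }
  return out;
}

// FNV-1a (32-bit), standing in for whatever hash a fingerprinting script computes.
function fnv1a(bytes) {
  let h = 0x811c9dc5;
  for (const b of bytes) { h ^= b; h = Math.imul(h, 0x01000193) >>> 0; }
  return h;
}

// Number of byte positions where two equal-length buffers differ.
function changedBytes(a, b) {
  let n = 0;
  for (let i = 0; i < a.length; i++) if (a[i] !== b[i]) n++;
  return n;
}

// Constructed input: a synthetic gradient, not a real canvas capture.
function sampleCanvas(pixels) {
  return Uint8ClampedArray.from({ length: pixels * 4 }, (_, i) => (i * 7) & 0xff);
}
```

If the same bits were flipped in every session, the resulting hash would differ from the unmodified canvas but would itself be a stable identifier, which is why the seed is tied to the session here.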

The result on browserleaks.com after connecting to US:

  • IP: United States ✅
  • WebRTC Local IP: n/a ✅
  • WebRTC Public IP: n/a ✅
  • DNS: Encrypted ✅
  • Timezone: America/Detroit ✅

Back to Outlier

Once the proxy was routing correctly through a US residential IP, I went back to Outlier’s registration page.

It loaded.

Full registration flow, no block, no “we can’t serve your location” message. A US residential proxy through Shroud looks indistinguishable from a real US user because it is a real US IP from a real ISP. Tor exit nodes get blocked because they’re publicly listed. Residential proxies don’t.

That detail matters for anyone doing security assessments on region-locked targets: the routing tier you pick changes what you can access. Shroud makes that choice visible and deliberate.

What’s next

Shroud is cross-platform. The Electron shell handles Windows, Linux, and macOS. The Tor binary is platform-specific but the rest of the codebase is identical across platforms.

A few things I want to add:

  • Proxy health monitoring — automatically rotate to a healthy proxy if the current one goes down mid-session
  • Custom proxy support — let users plug in their own SOCKS5 servers for assessments that need specific IPs
  • Session isolation — separate browser contexts per country so history and cookies don’t bleed between sessions

The code is on GitHub at github.com/userIssa/shroud.

Tolu Oderinde is a Certified Ethical Hacker and security engineer. He writes about offensive security tooling, heap exploitation, and building things that solve problems he actually ran into.


Article source: https://infosecwriteups.com/i-got-blocked-by-outlier-twice-the-second-time-i-had-built-my-own-browser-4a9040438f4e?source=rss----7b722bfd1b8d---4